When we talk about mobile phones, we generally have 2 major flavours; Android by Google and iOS by Apple. Many people argue that iOS is way more secure than Android, why is that? Well, for a start, I only allow my kids to use iOS devices. Mainly because the only way to install apps on it is via the AppStore. Apple has been pretty strict with this policy and I believe this is the main reason why it's more secure. Android on the other hand allow users to download from unknown sources such as standalone APK files that can be downloaded from anywhere. The same can be done on an iOS if it is jailbroken, but that requires some level of work that most average people will not undertake unless he has a good reason to do so. Further more, jailbreaks for iOS are getting scarce as hackers are inclined to sell their wares than make it public.
From an OS architecture, I feel that there are both fairly secure. Both OS are built around multilayered Sandboxes that controls system interactions between the Kernel and Apps. While Apple keeps its iOS source code private and Android is Open Source. The former relies on security thru obscurity. There have been many bug bounties offered by both Google and Apple, some offering over USD200k in cash for anyone that can produce a working remote exploit. In the open market, an iOS exploit can go up to USD1.5Million. The bounty is higher for iOS because Apple is known to be more 'secure' than Android. Even President Trump has switched from Android to Apple phone. Both Google and Apple have strict security screening for all apps that appear in their online stores, Google uses Bouncer to scan apps for malicious code but lately we have heard instances of Android apps infected by malware.
Another reason Apple is referred as a more secure device is due to its patch management life cycle. iOS has only one variant used on all Apple phones, there are no 'modified by manufacturer' or cloned iOS variants. This makes it easier when it comes to pushing out updates to millions of users because there is only 1 iOS image to push to users. Android on the other hand, have more than a dozen of different mods, with each phone manufacturer free to add customisations to suit different phone models. It proves difficult when some manufacturers don't respond promptly when there is a major flaw discovered as each Android patch needs to be tailored to its phone model, or perhaps, they don't take security seriously. Some phones become obsolete before the patch comes out. This leaves millions of Android users vulnerable to hacking. The last major flaw for Android was in its media processing function in ver 5.0, also known as Stagefright.
Apple signs each iOS package for a limited time. That means, once you upgrade iOS, you can't downgrade if the previous iOS package has expired. This is to prevent users from reverting its security as newer iOS packages generally come with improved security. Android on the other hand, allows you to root its device(if the bootloader is not locked) by flashing it with custom Android images. While this is a good way to mod the phone for specialised purposes, it introduces a security risk as modified images can introduce new bugs that can be exploited. Rooting the phone also grants the user with full privileges to its kernel, thus, bypassing default security mechanisms to prevent further hacking.
In a nutshell, it is clear which OS is more secure but it is up to the end user to decide which platform suits him, perhaps budget constraint or flexibility is a major deciding factor. Holistically, security lies with end user awareness. By simply clicking on a hyperlink can introduce malicious code that can take control of your phone remotely. Though, it is way more difficult to exploit an Apple phone than an Android phone, it is not entirely impossible.
No comments:
Post a Comment